SQL as a high-level declarative programming language. Domain-specific languages. Automated creation and manipulation of SQL. Example: SkyServer. Description of HTML injection and SQL injection. Accessing databases from programming languages: ODBC, JDBC, sample Java code for SQL queries. Demotion of SQL queries from structured programming to flat strings.
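The "flat strings" point above is easiest to see with both query styles side by side. The following is an added example, not code from the lecture; it uses Python's built-in sqlite3 module rather than Java/JDBC so it runs without a database server, but the contrast is the same one the lecture draws: `lookup_concat` builds SQL by string concatenation, while `lookup_param` binds the value separately, which is what JDBC's PreparedStatement does with `setString()`. The `users` table and its rows are constructed sample data, not SkyServer.

```python
import sqlite3


def make_db():
    """Constructed sample data: a small in-memory users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("o'brien", "user")],
    )
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """The flat-string style: the query is assembled by concatenation.

    The user-supplied value becomes part of the SQL program text, so a
    quote character inside it changes the structure of the statement
    instead of being treated as data.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """The structured style: SQL text and values are passed separately.

    The database engine receives the statement with a placeholder and the
    value as data, so quoting characters in the value cannot alter the
    query (same idea as JDBC PreparedStatement + setString).
    """
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def concat_fails(conn, name):
    """True if the concatenated query is not even valid SQL for this input.

    Legitimate data containing an apostrophe (o'brien) breaks the flat
    string, which is the robustness half of the same defect.
    """
    try:
        lookup_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    # A value that closes the quote and adds its own condition: the
    # textbook injection string from the SQL injection references below.
    crafted = "x' OR '1'='1"
    print("concat:", lookup_concat(db, crafted))   # every row comes back
    print("param: ", lookup_param(db, crafted))    # no row is named that
    print("concat with o'brien breaks:", concat_fails(db, "o'brien"))
    print("param with o'brien:", lookup_param(db, "o'brien"))
```

With the concatenated query the crafted value returns all three rows because the `OR` became part of the statement; with the bound parameter the same string is compared literally as a name and matches nothing. The apostrophe case shows that the flat-string approach is fragile even with honest input, which is why frameworks push developers towards prepared statements.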
The lecture described handling SQL queries from Java. If your favourite programming language / framework does it differently (better?) then post details in the comments.
Homework: Have a look at these two tutorials on database access in Java and C#.
You don’t need to work through every detail, but the key is to see how these languages provide control of SQL. If you have another language you prefer, then find out how that provides database access.
The Sloan Digital Sky Survey (SDSS) and its SkyServer database.
If you want to see the queries I used in the lecture, including how to locate the non-planet Pluto, then ask in the comments and I’ll post them.
SQL injection examples.
- Secunia advisory 33877, 11 February 2008.
A security advisory from earlier this week, announcing an SQL injection vulnerability in the w3b.
- A beginner’s guide to injecting SQL.
- SQL injection by example.
- SQL injection cheat sheet.
- Little Bobby Tables.
- Car licence plate.
Database connectivity frameworks.